2016 Global State of Information Security Survey Sample Slides

The annual Global State of Information Security Survey 2016 is the most comprehensive overview of the evolving information security industry. This year’s results show that organizations are still playing catch-up in protecting their assets. Emerging technologies and the adoption of risk frameworks are becoming a key part of cybersecurity. Here is a sample of some of the results.


Enterprise Organizations Still Being Pummeled
AVERAGE NUMBER OF SECURITY INCIDENTS IN PAST YEAR

9,156

8,640
2016

2015

3,577

693
Enterprise (1,000+)

SMB (<1,000)

Q: What is the number of security incidents detected in the past 12 months? (Base: Know the number of security incidents in past 12 months)
Source: The 2016 Global State of Information Security Survey, in partnership with PwC, CIO, CSO, October 2015


Organizations Adopting Risk-Based InfoSec Frameworks

43%

Have adopted ISO 27001

36%
37%

Have adopted NIST Cybersecurity Framework
31%
32%

Have adopted SANS Critical Controls

24%
28%

Have adopted ISF Standard of Good Practice

22%
20%

Have adopted other information security framework(s)
11%
Have not adopted an information security framework

6%
11%
10%

Do not know
Enterprise (1,000+)

11%
SMB (<1,000)

Q: Has your organization adopted a risk-based information security framework such as the NIST Cybersecurity Framework,
ISO 27001, Information Security Forum (ISF) Standard of Good Practice?

CEOs See Cybersecurity as More Than an IT Issue
MY CEO…
Understands that cybersecurity is a top business risk: 43%
Promotes cybersecurity as a corporate governance imperative, not simply an IT issue: 39%
Understands the costs and benefits of the cybersecurity program: 39%
Supports sufficient funding and resources for the cybersecurity program: 38%
Understands the organization’s information security technologies: 32%
Invites the CISO/CSO to participate in executive and Board meetings: 28%
Is aware of the legal implications of information security risks: 24%
None of the above: 4%
Do not know: 7%

Q: Which of the following statements describes the role of your organization’s CEO in cybersecurity practices?
Q: Does your organization have a senior executive (CEO, CFO, COO, etc.) who proactively communicates the
importance of information security to the entire organization?

Strategies Involve Cloud-based Security Components
59%

Real-time monitoring and analytics

51%
57%

Advanced authentication (multifactor,
biometrics, smartphone tokens)

50%
51%

Identity and access management

43%
50%

Threat intelligence

42%

47%

End-point protection

Collaboration and information sharing

Detection and response capabilities

40%
37%
31%
36%
28%

Enterprise (1,000+)
SMB (<1,000)
Q: Does your organization use cloud-based security services to help ensure data security and privacy?
Q: Which of the following components of cloud-based security has your organization adopted?
(Base: Organization has adopted a cloud-based security service)

Big Data Analytics Identify Incidents

51%

Currently in place

44%
23%
25%

Not in place but is a priority over the
next 12 months

14%
14%

Currently outsourced

No plans to adopt

Do not know

9%
14%
6%
6%

Enterprise (1,000+)

SMB (<1,000)

Q: Does your organization employ Big Data analytics to model for and identify information security incidents?

Securing IoT an Immediate Need

A security strategy is in place: 36%
We are currently implementing a security strategy: 30%
A security strategy is not in place, but is priority over the next 12 months: 15%
We have no plans to implement this type of security strategy: 10%
Do not know: 9%

Q: Does your organization have a security strategy for the convergence of information, operational,
and consumer technologies (also known as the Internet of Things)?